CVE-2025-5472

Medium CVSS: 6.5

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.

Vendor

Llamaindex

Product

Llamaindex

CWE

CWE-674

Yayın Tarihi

2025-07-07 10:15:28

Güncelleme

2025-07-30 20:03:35

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-674 Llamaindex MEDIUM Llamaindex 2025

Referanslar

https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635 https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4

Benzer Kayıtlar

High

CVE-2024-14021

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability i…

High

CVE-2024-58339

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vuln…

High

CVE-2025-7707

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which…

Medium

CVE-2025-6211

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the…

High

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the…

Medium

CVE-2025-6210

A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, al…